Spring Boot Actuator - Cannot disable /info endpoint

Problem description

I tried disabling all actuator endpoints for the production environment in the application.yml configuration file:

endpoints.enabled: false

It works for all endpoints except for /info. How can I turn off all endpoints for a given environment?

Update:

The project I am working on is also acting as a Eureka client. In the documentation for Spring Cloud Netflix, in the section Status Page and Health Indicator (http://cloud.spring.io/spring-cloud-netflix/spring-cloud-netflix.html), it says that "Eureka instance default to "/info" and "/health" respectively".

Is there any solution to disable those endpoints?

I was able to disable the /health endpoint with endpoints.enabled: false, but not the /info endpoint.

Recommended answer

Finally I managed to solve my problem. I enabled only the /info and /health endpoints in actuator. And to allow access to the /info endpoint only to users with role ADMIN, I needed to mix actuator management security and Spring Security configuration.

So my application.yml looks like this:

endpoints.enabled: false

endpoints:
    info.enabled: true
    health.enabled: true

management.security.role: ADMIN

And the Spring Security configuration like this (where I needed to change the order of ManagementSecurityConfig to have a higher priority):

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {


    @Configuration
    protected static class AuthenticationSecurity extends GlobalAuthenticationConfigurerAdapter {

        @Autowired
        private AuthenticationProvider authenticationProvider;

        public AuthenticationSecurity() {
            super();
        }

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
             auth.inMemoryAuthentication().withUser("admin").password("secret").roles("ADMIN");
        }
    }

    @Configuration
    @Order(Ordered.HIGHEST_PRECEDENCE + 2)
    public static class ManagementSecurityConfig extends WebSecurityConfigurerAdapter {


        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.csrf().disable()
                    .requestMatchers()
                    .antMatchers("/info/**")
                    .and()
                    .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                    .httpBasic();
        }
    }

    @Configuration
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // API security configuration
        }
    }
}
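
A way to check the outcome of the configuration above against a running instance, as an added example that is not part of the original answer: it probes /info with and without credentials and confirms that other actuator paths are no longer served. The base URL, the helper names and the list of disabled paths (Spring Boot 1.x default endpoint ids) are assumptions; admin/secret is the sample user from the answer.

```python
import base64
import urllib.error
import urllib.request

# Assumptions: /info is the only ADMIN-protected path (per the answer); DISABLED
# lists Spring Boot 1.x default endpoint ids that should no longer be served.
PROTECTED = ["/info"]
DISABLED = ["/env", "/beans", "/metrics", "/trace", "/dump", "/mappings", "/configprops"]

# Connect directly and ignore proxy environment variables.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(base_url, path, credentials=None, timeout=5):
    """Return the HTTP status of GET base_url + path, optionally with HTTP Basic."""
    request = urllib.request.Request(base_url.rstrip("/") + path)
    if credentials:
        token = base64.b64encode("{}:{}".format(*credentials).encode()).decode()
        request.add_header("Authorization", "Basic " + token)
    try:
        with _opener.open(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as error:
        return error.code  # 401/403/404 arrive as HTTPError


def audit(base_url, admin_credentials, protected=PROTECTED, disabled=DISABLED):
    """Return findings; an empty list means exposure matches the intended policy."""
    findings = []
    for path in protected:
        anonymous = probe(base_url, path)
        if anonymous not in (401, 403):
            findings.append("%s answers anonymous requests with %d" % (path, anonymous))
        authed = probe(base_url, path, admin_credentials)
        if authed != 200:
            findings.append("%s rejects admin credentials with %d" % (path, authed))
    for path in disabled:
        for who, creds in (("anonymous", None), ("admin", admin_credentials)):
            if probe(base_url, path, creds) == 200:
                findings.append("%s is still served to %s callers" % (path, who))
    return findings


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    # admin/secret is the sample in-memory user from the answer above.
    for line in audit(base, ("admin", "secret")) or ["exposure matches the intended policy"]:
        print(line)
```

Run it once per environment (for example with the production profile active) so a profile-specific override that re-enables an endpoint shows up as a finding.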
